U.S. patent application number 10/356150 was filed with the patent office on 2004-08-05 for methods and apparatus to limit transmission of data to a localized area.
Invention is credited to Andre, Michael R.., Traw, C. Brendan S..
Application Number | 20040151179 10/356150 |
Document ID | / |
Family ID | 32770726 |
Filed Date | 2004-08-05 |
United States Patent
Application |
20040151179 |
Kind Code |
A1 |
Andre, Michael R.. ; et
al. |
August 5, 2004 |
Methods and apparatus to limit transmission of data to a localized
area
Abstract
Methods and apparatus are disclosed for limiting transmission of
data to a localized area in a networked environment. In an example
method, a request to transmit data from a source device to a sink
device is received. If the data to be transmitted is localized
data, a time to live value associated with the data is set to a
first predetermined value. If the data to be transmitted is not
localized data, a time to live value associated with the data is
set to a second predetermined value. The data is transmitted toward
the sink device. If the transmitted data is routed through the
Internet, the time to live value associated with the transmitted
data is decremented every time the data passes through an IP
router. If the time to live value reaches zero, the transmitted
data is destroyed. The first predetermined value is selected such
that the time to live value will typically reach zero before the
localized data can be transmitted from the source device in a first
local network to the sink device in a second local network.
Inventors: |
Andre, Michael R..;
(Beaverton, OR) ; Traw, C. Brendan S.; (Portland,
OR) |
Correspondence
Address: |
GROSSMAN & FLIGHT LLC
Suite 4220
20 North Wacker Drive
Chicago
IL
60606-6357
US
|
Family ID: |
32770726 |
Appl. No.: |
10/356150 |
Filed: |
January 31, 2003 |
Current U.S.
Class: |
370/392 |
Current CPC
Class: |
H04L 69/22 20130101;
H04L 45/00 20130101; H04L 45/20 20130101; H04N 21/835 20130101;
H04N 21/43615 20130101; H04L 12/2803 20130101; H04L 29/06
20130101 |
Class at
Publication: |
370/392 |
International
Class: |
H04L 012/28 |
Claims
What is claimed is:
1. A method of limiting transmission of data comprising: setting a
time to live parameter in a header associated with the data to a
value approximately equal to a number of routers expected in a home
network; transmitting the header and the data from a source device
toward a sink device via a network; decrementing the time to live
parameter in the header when the header passes through a router;
and if the time to live parameter falls to a predetermined value,
destroying the transmitted header and the transmitted data.
2. A method as defined in claim 1 further comprising: receiving the
header and the data at the sink device; comparing the time to live
parameter to a second predefined parameter at the sink device; and
destroying the header and the data if the time to live parameter is
greater than the second predefined parameter.
3. A method as defined in claim 2 wherein the source device is
located in a first home network, the sink device is located in a
second home network, and the time to live parameter falls to the
predetermined value such that the header and the data are destroyed
before reaching the second home network.
4. A method as defined in claim 2 wherein the second parameter is
the value substantially equal to the number of routers expected in
a home network.
5. A method as defined in claim 1 wherein the header is an Internet
Protocol header.
6. A method as defined in claim 1 wherein the number of routers
expected in a home network is a number of Internet Protocol routers
expected in an average home network.
7. A method as defined in claim 1 wherein decrementing the time to
live parameter in the header when the header passes through a
router comprises decrementing the time to live parameter in the
header when the header passes through an Internet Protocol
router.
8. A method as defined in claim 1 wherein the predetermined value
is approximately zero.
9. A method as defined in claim 1 wherein the data is proprietary
content.
10. A method as defined in claim 1 wherein the data comprises
localized data.
11. A method of limiting transmission of localized data comprising:
setting a time to live parameter in a header associated with the
localized data to a value less than a number of routers expected in
an Internet communications link; transmitting the header and the
localized data from a source device toward a sink device via a
network; decrementing the time to live parameter in the header when
the header passes through a router in the Internet communications
link; and if the time to live parameter is less than or equal to a
predetermined value, destroying the transmitted header and the
transmitted localized data.
12. A method as defined in claim 11 further comprising: receiving
the header and the localized data at the sink device; comparing the
time to live parameter to a second predefined parameter at the sink
device; and destroying the header and the localized data if the
time to live parameter is greater than the second predefined
parameter.
13. A method as defined in claim 12 wherein the source device is
located in a first home network, the sink device is located in a
second home network, and the time to live parameter falls to the
predetermined value such that the header and the localized data are
destroyed before reaching the second home network.
14. A method of substantially limiting transmission of localized
data comprising: receiving a request to transmit data from a source
device to a sink device; if the data to be transmitted is localized
data, responding to the request by setting a time to live value
associated with the data to a first predetermined value; if the
data to be transmitted is not localized data, responding to the
request by setting the time to live value associated with the data
to a second predetermined value; and transmitting the data toward
the sink device.
15. A method as defined in claim 14 further comprising destroying
the transmitted localized data if the time to live value falls to a
third predetermined value.
16. A method as defined in claim 14 wherein the second
predetermined value is greater than the first predetermined
value.
17. A method as defined in claim 14 wherein the second
predetermined value is greater than the first predetermined value
by approximately a factor of six.
18. A method as defined in claim 14 wherein the time to live
parameter is decremented by a router operating in accordance with
an Internet Protocol.
19. A method as defined in claim 14 wherein transmitting the data
comprises transmitting the data without encrypting the data.
20. A method as defined in claim 14 wherein the first predetermined
value is selected to substantially limit transmission of the
localized data to a local area.
21. A method as defined in claim 20 wherein the local area is a
home network.
22. A method as defined in claim 20 wherein the second
predetermined value is selected to permit transmission of the data
throughout a wide area network.
23. A method as defined in claim 22 wherein the wide area network
is the Internet.
24. A method as defined in claim 15 wherein the third predetermined
value is approximately zero.
25. A method as defined in claim 14 further comprising: receiving
the data at the sink device; and if the received data is localized
data, destroying the received data if the time to live value
associated with the received data is greater than a fourth
predetermined value.
26. A method as defined in claim 25 wherein the fourth
predetermined value is substantially equal to the first
predetermined value.
27. A tangible medium storing machine readable instructions which,
when executed by a machine, cause the machine to: respond to a
request to transmit data from a source device to a sink device by
determining if the data to be transmitted is localized data; set a
time to live value associated with the data to a first
predetermined value if the data to be transmitted is localized
data; and set the time to live value associated with the data to a
second predetermined value if the data to be transmitted is not
localized data.
28. A tangible medium as defined in claim 27 wherein the machine
readable instructions further cause the machine to transmit the
data toward the sink device.
29. A tangible medium as defined in claim 28 wherein the data is
transmitted without encryption.
30. A tangible medium as defined in claim 27 wherein the second
predetermined value is greater than the first predetermined
value.
31. A tangible medium as defined in claim 27 wherein the second
predetermined value is greater than the first predetermined value
by approximately a factor of six.
32. A tangible medium as defined in claim 27 wherein the time to
live parameter is decremented by a router operating in accordance
with an Internet Protocol.
33. A tangible medium as defined in claim 27 wherein the first
predetermined value is selected to substantially limit transmission
of the localized data to a local area.
34. A tangible medium as defined in claim 33 wherein the local area
is a home network.
35. A tangible medium as defined in claim 27 wherein the second
predetermined value is selected to permit transmission of the data
throughout a wide area network.
36. A tangible medium as defined in claim 35 wherein the wide area
network is the Internet.
37. A tangible medium as defined in claim 27 wherein the third
predetermined value is approximately zero.
38. A tangible medium as defined in claim 27 wherein the machine
readable instructions further cause the machine to: respond to
received data by determining if the received data is localized
data; and destroy the received data if the time to live value
associated with the received data is greater than a fourth
predetermined value and the received data is localized data.
39. A tangible medium as defined in claim 38 wherein the fourth
predetermined value is substantially equal to the first
predetermined value.
40. An apparatus to limit exchange of localized data comprising: a
localized content identifier to identify localized data; and a life
limiter to set a time to live parameter associated with localized
data to a predetermined value selected to limit a number of routers
the localized data may pass through before the localized data is
destroyed to a level that substantially precludes exchange of the
localized data between a source device in a first local network and
a sink device in a second local network.
41. An apparatus as defined in claim 40 wherein the time to live
parameter is located in an Internet Protocol header and the number
of routers is a number of Internet Protocol routers.
42. An apparatus as defined in claim 41 further comprising a
formatting engine to develop an Internet datagram including the
Internet Protocol header having the time to live parameter.
43. An apparatus as defined in claim 42 wherein the formatting
engine sets the time to live parameter to a second predetermined
value, and the life limiter only changes the time to live parameter
to the first predetermined value if the data is localized.
44. An apparatus as defined in claim 43 wherein the first
predetermined value is smaller than the second predetermined
value.
45. An apparatus as defined in claim 40 further comprising a tamper
tester to determine if the time to live parameter associated with
received localized data has been subjected to tampering.
46. An apparatus as defined in claim 45 wherein the tamper tester
determines if the time to live parameter associated with received
localized data has been subjected to tampering by comparing the
time to live parameter to a second predetermined value.
47. An apparatus as defined in claim 46 wherein, if the time to
live parameter is greater than the second predetermined value, the
tamper tester destroys the received data.
48. An apparatus to limit exchange of localized data comprising: a
localized content identifier to determine if received data is
localized data; and a tamper tester to destroy received localized
data if a time to live parameter associated with the received
localized data has been subjected to tampering.
49. An apparatus as defined in claim 48 wherein the tamper tester
determines if the time to live parameter associated with the
received localized data has been subjected to tampering by
comparing the time to live parameter to a second predetermined
value.
50. A gateway coupling a local network to a wide area network
comprising: a source identifier to determine if a received packet
is received from the local network or the wide area network; and a
life limiter to decrement a time to live field associated with the
received packet by a first amount if the packet is received from
the local network and to decrement the time to live field
associated with the received packet by a second amount if the
packet is received from the wide area network.
51. A gateway as defined in claim 50 wherein the first amount is
greater than the second amount.
52. A gateway as defined in claim 50 further comprising a packet
destroyer to destroy the received packet if the time to live field
associated with the packet is equal to a predetermined value.
53. A gateway as defined in claim 50 further comprising a routing
engine to route the packet toward an intended destination if the
time to live field associated with the packet is greater than a
predetermined value.
54. A gateway as defined in claim 50 wherein the wide area network
is the Internet and the local network is a home network.
55. A method of routing packets between a local network and a wide
area network comprising: determining if a packet was received from
the local network or the wide area network; if the packet was
received from the wide area network, decrementing a time to live
field associated with the packet by a first amount; and if the
packet was received from the local network, decrementing the time
to live field associated with the packet by a second amount.
56. A method as defined in claim 55 wherein the first amount is
less than the second amount.
Description
FIELD OF THE DISCLOSURE
[0001] This disclosure relates generally to data transmission
restriction, and, more particularly, to methods and apparatus to
limit transmission of data to a localized area in a networked
environment.
BACKGROUND
[0002] In recent years, consumers have demanded increased access to
copyrighted content (e.g., movies, music, books, etc.) in digital
form via cable television, satellite broadcasting, the Internet,
digital versatile disks (DVD), compact disks (CDs), etc. Because
this valuable content is provided in a digital format at high
quality levels, and because digital data is highly reproducible,
pirates have frequently sought to usurp the profits of the
copyright holders by making and selling unauthorized copies of this
digital content. Efforts have been underway to provide mechanisms
for limiting unauthorized copying and distribution of this
copyrighted content to ensure the copyright holders are rewarded
for the consumption of their intellectual property.
[0003] To address some of these concerns, a group of technology
companies recently developed Digital Transmission Content
Protection (DTCP) technology. DTCP provides a protocol in which
various cryptographic techniques are employed to prevent
unauthorized copying and distribution of digital content. In DTCP,
copy control information (CCI) is carried by the digital content.
The CCI specifies the conditions for copying the associated
content. For example, digital content may be classified by the CCI
such that (a) the content may be freely copied (no authentication
required to access the content and no encryption needed to transmit
the content), (b) the content may never be copied, or (c) one
generation of copies may be made of the content and then classified
as (d) no more copies. To access digital content protected by DTCP,
a device must be authorized (i.e., have access to the decryption
key(s) used to unlock the content). If an authorized device is
instructed to copy the digital content, the authorized device will
read the CCI information and abide by the criteria set therein.
Thus, the CCI information ensures that all DCTP content carries a
set of rules governing reproduction of that content, which has the
salutary effect of preventing pirates from purchasing one
legitimate copy of copyrighted content and then making multiple
unauthorized copies.
[0004] While DTCP is a significant advance in controlling
distribution and copying of digital content, the recent
proliferation of digital technology in the home environment
presents additional challenges to controlling copyrighted
materials. For example, it is becoming more common for a home to
include a home Internet Protocol (IP) based network in which a
number of entertainment and/or information devices (e.g., a
computer, a DVD player, a digital or analog video recorder, a
television, etc) are networked. Thus, it is frequently desirable to
transfer copies of copyrighted material from device to device
within the home. Often, the home network is coupled to the
Internet, thereby raising the possibility of transferring
unauthorized copies of copyrighted material from one Internet
Protocol home network to another.
[0005] Efforts are underway to apply DTCP technology to the IP home
network context. However, it is desirable to permit an authorized
licensee of digital content to transfer that digital content from
device to device within the home network. Thus, a significant
impediment to applying DTCP to the home IP based network comprises
permitting movement of content within the home IP network, while
preventing distribution of that content beyond the home via the
Internet.
BRIEF DESCRIPTION OF THE DRAWINGS
[0006] FIG. 1 is a schematic illustration of a prior art Internet
Protocol header.
[0007] FIG. 2 is a schematic illustration of an example networked
environment in which the example methods and apparatus disclosed
herein may be employed.
[0008] FIG. 3 is a schematic illustration of an example apparatus
to limit transmission of data to a localized area in a networked
environment.
[0009] FIG. 4 is a flowchart illustrating an example program for
implementing the apparatus of FIG. 3.
[0010] FIG. 5 is a flowchart illustrating an example prior art
method of operation of a router operating in accordance with the
Internet Protocol.
[0011] FIG. 6 is a schematic illustration of an example gateway
coupling a local network to a wide area network.
[0012] FIG. 7 is a flowchart illustrating an example method of
operation of the gateway of FIG. 6.
[0013] FIG. 8 is a schematic illustration of an example computer
that may be used to execute the program of FIG. 4 to implement the
apparatus of FIG. 3.
DETAILED DESCRIPTION
[0014] FIG. 1 is a schematic illustration of a prior art Internet
Protocol header 10. As is well known, whenever data is to be
transmitted in a network operating in accordance with the Internet
Protocol, a source device seeking to transmit the data must format
the data into a datagram including one or more independent packets.
Each packet is treated independently by the routers/switches in the
IP network, such that the packets in a datagram transmitted from a
source device to a sink device may be separated and routed through
different channels and reassembled at the sink device. Therefore,
each packet must contain the addressing information necessary to
route the packet to the intended sink device. To this end, each
packet is provided with an Internet Protocol (IP) header 10 as
shown in FIG. 1. Every IP packet is structured to include an IP
header 10 followed by a data field.
[0015] The IP header 10 contains many well known fields including,
for example, a version field 12, an Internet header length field
14, a type of service field 16, a total length field 18, an
identification field 20, a flags field 22, a fragment offset field
24, a time to live field 26, a protocol field 28, a header checksum
field 30, a source address field 32, a destination address field
34, an options field 36, and a padding field 38. These fields are
well known to persons of ordinary skill in the art and, with the
exception of the time to live field 26, will not be discussed in
detail herein.
[0016] The time to live field 26 is used to ensure that
undeliverable packets transmitted through the Internet do not
eternally flow from router to router thereby reducing Internet
performance. In particular, the time to live field 26 is set to a
value indicating the maximum life that the associated packet may
have in the Internet. Every time a packet is handled by a router or
switch (as used herein the terms router, switch, and router/switch
are interchangeable) operating in accordance with the Internet
Protocol, the router/switch reduces the value appearing in the time
to live field 26 of the header 10 by one. If a router/switch
receives a packet having a value in the time to live field 26 which
is equal to zero, it destroys the packet. This technique ensures
that undeliverable IP packets do not congest the network in the
event of routing loops caused, for example, by corrupted routing
tables.
[0017] The time to live field 26 uses seconds as its unit of
measure. However, since some router/switches will process a packet
in less than one second, the time that an undeliverable packet
lives in the Internet may be less than the number of seconds
indicated in the time to live parameter. Since every IP
router/switch that handles a packet decrements the value in the
time to live field 26 by one regardless of the actual time it takes
the router/switch to process the packet, the value in the time to
live field 26 may be thought of as a measure of the number of IP
routers/switches that may handle a packet before it is assumed
undeliverable and destroyed. Typically, the time to live field 26
is set to a value of 30 or higher.
[0018] FIG. 2 illustrates an example networked environment. In the
illustrated example, a first home network 40 is coupled to a second
home network 42 via the Internet 44. If the first home network 40
is authorized to access localized content, it is desirable for that
content to be freely routed within the confines of the home network
40. However, it is not desirable to permit the localized content to
be transmitted to the second home network 42 for unauthorized
consumption. As used herein, localized content refers to any data
and/or instruction wherein the distribution or transmission of that
data and/or instruction is intended to be limited to a local area
of a networked environment. Localized data can be propriertary or
public, restricted or unrestricted. For example, it is desirable to
ensure a UPnP (universal plug and play) command issued in one home
network does not reach a second home network where it can cause an
unwanted effect (e.g., a command to turn on the television in one
house turns on a television in a neighbor's house). Therefore, a
UPnP instruction may be localized data since transmission of the
UPnP instruction is intended to be limited to the local (e.g.,
home) network. As another example, localized data may comprise a
digital movie wherein it is desirable to prevent transmission of
the movie beyond the boundary of a home network.
[0019] An example apparatus 50 to limit exchange of localized data
is shown in FIG. 3. The illustrated apparatus 50 limits
transmission of localized data to a localized area of the network,
for example, to the home network 40, 42 in which the apparatus 50
is located. For purposes of discussion, it will be assumed in the
following that the apparatus 50 is located in the first home
network 40, the first home network 40 is authorized to access the
localized content, and the second home network 42 is not authorized
to access the localized content.
[0020] For the purpose of preparing digital data for transmission
in accordance with the Internet Protocol, the apparatus 50 of FIG.
3 is provided with a formatting engine 52. The formatting engine 52
responds to a request to send data over an IP based network by
developing an Internet datagram including one or more Internet
headers 10 in accordance with well known techniques. For example,
the formatting engine 52 populates one or more IP headers 10 for
the data to be transmitted with the information needed pursuant to
the Internet Protocol. For instance, the formatting engine 52
completes the version field 12, the Internet header length field
14, the type of service field 16, the total length field 18, the
identification field 20, the flags field 22, the fragment offset
field 24, the time to live field 26, the protocol field 28, the
header checksum field 30, the source address field 32, the
destination address field 34, the options field 36, and the padding
field 38 in the IP header(s) 10. The formatting engine 52 sets the
time to live field 26 to a standard value sufficient to ensure that
a deliverable packet will reach any destination on the Internet
(e.g., 30), but that undeliverable packets will be implicitly
identified and destroyed in a reasonable length of time (e.g., 30
seconds or less, depending on the speed of the routers/switches
that process the packets).
[0021] In order to determine if the data to be transmitted is
localized data, the apparatus 50 is further provided with a
localized content identifier 54. The localized content identifier
54 may identify localized content by, for example, reading a code
associated with the data to be transmitted. For instance, if the
data to be transmitted is protected by DTCP, the localized content
identifier 54 may determine the classification of the content by
reading the CCI code. Of course, other encoding schemes may be
employed to designate localized content. For example, localized
content may be packaged to include a header that designates the
protection level of the content (e.g., ranging from "one use" to
"freely copy").
[0022] Irrespective of the precise mechanism chosen to identify
localized content, if the localized content identifier 54
identifies the content to be transmitted as unrestricted to the
local network, then it forwards the packet(s) associated with that
content to a communication device 56 (e.g., a modem, etc.) for
transmission via the network (e.g., the network 40, 42 and/or 44).
If, on the other hand, the localized content identifier 54
identifies the content to be transmitted as localized (i.e.,
restricted to transmission within a local area of the network),
instead of routing the data immediately to the network via the
communication device 56, it permits a life limiter 58 to process
the data.
[0023] The life limiter 58 sets the time to live field 26
associated with the localized data to a value which limits the
number of IP routers/switches that may handle the localized data
before the localized data is destroyed to a level that
substantially precludes exchange of the localized data between the
source device in the home network 40 and a sink device in a second
home network (e.g., network 42). As discussed above, the formatting
engine 52 sets the time to live field 26 in the IP header(s) 10
associated with the datagram carrying the localized data to the
normal value (e.g., thirty) for standard Internet transmission of
data whose transmission area is not restricted. If the localized
content identifier 54 identifies the content to be transmitted as
localized data, the life limiter 58 reduces the value in the time
to live field 26 to a level lower than that required for standard
Internet transmission to thereby substantially limit transmission
of the localized data to a local area of the network (e.g., the
home network 40).
[0024] The topology of IP based home networks is relatively simple
when compared to the topology of the Internet. Specifically, the
number of routers/switches that a packet must traverse to move
between two devices in the typical home network is significantly
lower than the number of routers/switches a packet must traverse to
move between two end points on the Internet. Indeed, anecdotal data
suggests that typical home networks have fewer than five IP
routers/switches and that more than five IP routers/switches are
required to traverse an Internet path between homes (even when the
two homes are served by the same Internet Service Provider and are
in the same geographic area). Therefore, if the life limiter 58
sets the time to live field 26 of packet(s) carrying localized data
to, for example, five, the localized data packet(s) will be
destroyed by the IP routers/switches before they can reach an
intended destination in a second home network 42.
[0025] In particular, as stated above, IP routers/switches are
currently designed to reduce the value stored in the time to live
field 26 in the IP headers 10 they process by one, and to destroy
any packet they encounter which has a time to live value equal to
zero. Therefore, after the life limiter 58 sets the value stored in
the time to live field 26 of the IP packet(s) 10 associated with
the localized content to the reduced level discussed above (e.g.,
five), the communication device 56 is permitted to freely transmit
the packet(s) toward whatever destination address has been
specified by the user. If the destination address is outside a
localized area (e.g., the home network 40), the packet(s) carrying
the localized data will be destroyed by the IP routers/switches
pursuant to their normal behavior before those packets reach their
intended destination as a result of their reduced time to live
settings. If, however, the intended destination is within the
localized area (e.g., the home network 40), the packet(s) carrying
the localized data will reach their intended destination before
expiration of the shortened time to live. As a result, localized
data can be freely transferred within the localized area (e.g., the
home network 40), but is automatically destroyed if sent beyond the
boundary of the localized area (e.g., beyond the home network
40).
[0026] To reduce the opportunity for pirates to frustrate the above
described time to live mechanism for limiting transmission of
localized content to a local area of a networked environment, the
apparatus 50 is further provided with a tamper tester 60. Whenever
the apparatus 50 receives data packet(s) from the network, those
packet(s) are reviewed by the localized content identifier 54 to
determine if they contain localized data. If the packet(s) do not
contain localized data, they are saved in a local storage device 62
in the normal, prior art, manner for further processing by local
receiving devices (e.g., a television). If, however, the packet(s)
do contain localized data, the tamper tester 60 reviews their time
to live fields 26 to determine if those fields have been subjected
to tampering.
[0027] The tamper tester 60 may make this determination by, for
example, comparing the time to live field(s) 26 of the received
packet(s) to a threshold value such as the predetermined time to
live value set by the life limiter 58 (e.g., five) for packets
associated with localized content. If the time to live values of
the received packets exceed the predetermined time to live value
set by the life limiter 58 (e.g., five), the time to live field(s)
26 have been subjected to tampering. Whenever the tamper tester 60
determines that tampering has occurred, it destroys the associated
received data thereby frustrating the efforts of the pirates
involved in the tampering effort. If, however, no tampering is
detected, the tamper tester 60 stores the packet(s) in the local
storage device 62 in the normal prior art manner for further
processing by local receiving devices.
[0028] A flowchart representative of example machine readable
instructions for implementing the apparatus 50 of FIG. 3 is shown
in FIG. 4. In this example, the machine readable instructions
comprise a program for execution by a processor such as the
processor 1012 shown in the example computer 1000 discussed below
in connection with FIG. 6. The program may be embodied in software
stored on a tangible medium such as a CD-ROM, a floppy disk, a hard
drive, a digital versatile disk (DVD), or a memory associated with
the processor 1012, but persons of ordinary skill in the art will
readily appreciate that the entire program and/or parts thereof
could alternatively be executed by a device other than the
processor 1012 and/or embodied in firmware or dedicated hardware in
a well known manner. For example, any or all of the formatting
engine 52, the localized content identifier 54, the life limiter
58, and/or the tamper tester 60 could be implemented by software,
hardware, and/or firmware. Further, although the example program is
described with reference to the flowchart illustrated in FIG. 4,
persons of ordinary skill in the art will readily appreciate that
many other methods of implementing the example apparatus 50 may
alternatively be used. For example, the order of execution of the
blocks may be changed, and/or some of the blocks described may be
changed, eliminated, or combined.
[0029] The program of FIG. 4 begins at block 100 where the
formatting engine 52 determines if a request to send data has been
received. If no such request has been received, the apparatus 50
determines if a packet has been received from the network (block
102). Control continues to loop through blocks 100-102 until a
request to transmit data is received (block 100) or a packet is
received from the network (block 102).
[0030] Assuming that a request to send data had been received
(block 100), the data is formatted by the formatting engine 52 into
one or more IP packets for transmission via the network in
accordance with well known formatting techniques. Control then
advances to block 104. At block 104, the localized content
identifier 54 determines if the data to be transmitted includes
localized content. If the data includes localized content (block
104), the life limiter 58 sets the time to live field(s) 26 of the
packet(s) to be transmitted to a predetermined value (e.g., five)
which is sufficiently low to ensure that the packet(s) will not
survive long enough to reach an IP address outside of a localized
area of the network (e.g., the home network) in which the source
device is located (block 106). The packet(s) are then transmitted
(block 110) and control returns to block 100.
[0031] If, however, the packet(s) do not contain localized content
(block 104), control advances directly from block 104 to block 110
such that the packet(s) are transmitted without adjustment to their
time to live field(s) 26.
[0032] Assuming, for purposes of discussion that packet(s) are
received from the network (block 102), control advances to block
112. At block 112, the localized content identifier 54 determines
if the received packet(s) contain localized content. If the
received packet(s) contain localized content (block 112), the
tamper tester 60 compares the value(s) stored in the time to live
field(s) 26 of the received packet(s) to a threshold value (e.g.,
five) to determine if the received packet(s) were tampered with in
an effort to frustrate the transmission limit (block 114). If no
tampering is detected (block 114), the tamper tester 60 forwards
the packet(s) to the local storage device 62 for further processing
and/or consumption (block 116). Control then returns to block
100.
[0033] If tampering is detected (block 114), the tamper tester 60
destroys the received packet(s) (block 118). Control then returns
to block 100.
[0034] FIG. 5 illustrates the operation of a prior art IP
router/switch. The router/switch waits to receive an IP packet
(block 150). When an IP packet is received (block 150), the
router/switch examines the time to live field 26 of the header 10
associated with the packet. If the value stored in the time to live
field 26 is equal to zero (block 152), the router/switch forwards
the packet to another router/switch or the destination address
identified in the packet header in accordance with the Internet
Protocol (block 154). Control then returns to block 150. If,
however, the value stored in the time to live field 26 is not equal
to zero (block 152), the router/switch destroys the packet (block
156). Control then returns to block 150.
[0035] As discussed above, routers and/or gateways in an Internet
Protocol based network are structured to automatically decrement
the time to live field 26 of every packet they route by one. To
further enhance the reliability of the disclosed methods and
apparatus, a gateway or router that couples the local network
(e.g., home network 40) to the wide area network (e.g., the
Internet 44) may be modified to decrement the time to live field 26
of every packet received from the local network by a value greater
than one. For example, the router/gateway may be structured to
decrement the time to live field 26 of packets received from the
local network (e.g., home network 40) by a value of N, where N is
the expected number of routers in the average home network (e.g.,
five). If the packet is associated with localized data, its time to
live field 26 will have been set to a low level (e.g., five) as
explained above. Thus, if selected to be large enough, the
unusually large decrement of the time to live field 26 by the
gateway/router will ensure that localized packets will be destroyed
before entering the wide area network.
[0036] However, since non-localized packets have a normal time to
live value, and since a normal time to live value is typically
twice as large as needed for the packet to reach its intended
destination, the unusually large decrementing of the non-localized
packet by the router/gateway coupling the local network to the wide
area network will not impede deliver of the non-localized packets
received from the local network. Instead, the packets associated
with non-localized data will enter the wide area network and be
routed to their intended destinations in the ordinary fashion.
[0037] The modified router/gateway connecting the local area
network to the wide area network may be structured to decrement the
time to live field 26 of packets traveling to the local area
network from the wide area network by the conventional amount
(e.g., one). Thus, the modified router/gateway would apply a
different decrement to the time to live field 26 of received
packets depending upon their point of origin (e.g., the local
network or the wide area network) or direction of travel (e.g.,
into the local network versus out of the local network).
[0038] An example modified gateway/router coupling a local network
(e.g., home network 40) to a wide area network (e.g., the Internet)
is shown in FIG. 6. As shown in FIG. 6, the modified gateway/router
includes a source identifier 180 which operates to determine if a
packet received at the gateway originated in the local network or
the wide area network. It also includes a life limiter 182. The
life limiter 182 responds to the source identifier 180 by
decrementing the time to live field 26 of the received packet by a
first value if the packet originated in the local network and a
second value if the packet originated in the wide area network.
[0039] The example gateway of FIG. 6 also includes a packet
destroyer 184 to review the value in the time to live field 26 and
to destroy the associated packet if that value falls to zero in the
conventional fashion of known IP routers. Also like known IP
routers, the example gateway of FIG. 6 includes a routing engine
186 to route packets having a non-zero value in their time to live
field 26 in accordance with the Internet Protocol.
[0040] FIG. 7 illustrates the operation of the example gateway of
FIG. 6 in greater detail. The gateway/router/switch waits to
receive an IP packet (block 250). When an IP packet is received
(block 250), the source identifier 180 determines if the packet
originated in the local network or the wide area network (block
252). If the packet was received from the wide area network (block
252), the life limiter 182 decrements the time to live field 26 by
one (block 254). If the packet was received from the local network
(block 252), the life limiter 182 determines if the time to live
field 26 of the received packet contains a value that is less than
N (block 256). If so, the life limiter 182 reduces the value in the
time to live field to zero (block 258) and control advances to
block 262. Otherwise, if the value in the time to live field 26 is
greater than or equal to N (block 256), the life limiter 182
decrements the value in the time to live field 26 of the packet by
the value N (block 260). The value N can be any desired value
greater than one (e.g., five) but small enough to not interfere
with transmission of non-localized data.
[0041] After the time to live field 26 is decremented by an
appropriate amount (block 254, block 258 or block 260), control
advances to block 262 where the packet destroyer 184 of the gateway
examines the time to live field 26 of the header 10 associated with
the packet. If the value stored in the time to live field 26 is
equal to zero (block 262), the packet destroyer 184 destroys the
packet (block 264). Control then returns to block 250. If the value
in the time to live field 26 is not equal to zero (block 262), the
routing engine 186 forwards the packet to another
gateway/router/switch or the destination address identified in the
packet header in accordance with the Internet Protocol (block 268).
Control then returns to block 250.
[0042] FIG. 8 is a block diagram of an example computer 1000
capable of implementing the apparatus and methods disclosed herein.
The computer 1000 can be, for example, a server, a personal
computer, a personal digital assistant (PDA), an Internet
appliance, a DVD player, a CD player, a digital video recorder, a
personal video recorder, a set top box, or any other type of
computing device.
[0043] The system 1000 of the instant example includes a processor
1012. For example, the processor 1012 can be implemented by one or
more Intel.RTM. microprocessors from the Pentium.RTM. family, the
Itanium.RTM. family or the XScale.RTM. family. Of course, other
processors from other families are also appropriate.
[0044] The processor 1012 is in communication with a main memory
including a volatile memory 1014 and a non-volatile memory 1016 via
a bus 1018. The volatile memory 1014 may be implemented by
Synchronous Dynamic Random Access Memory (SDRAM), Dynamic Random
Access Memory (DRAM), RAMBUS Dynamic Random Access Memory (RDRAM)
and/or any other type of random access memory device. The
non-volatile memory 1016 may be implemented by flash memory and/or
any other desired type of memory device. Access to the main memory
1014, 1016 is typically controlled by a memory controller (not
shown) in a conventional manner.
[0045] The computer 1000 also includes a conventional interface
circuit 1020. The interface circuit 1020 may be implemented by any
type of well known interface standard, such as an Ethernet
interface, a universal serial bus (USB), and/or a third generation
input/output (3GIO) interface.
[0046] One or more input devices 1022 are connected to the
interface circuit 1020. The input device(s) 1022 permit a user to
enter data and commands into the processor 1012. The input
device(s) can be implemented by, for example, a keyboard, a mouse,
a touchscreen, a track-pad, a trackball, isopoint and/or a voice
recognition system.
[0047] One or more output devices 1024 are also connected to the
interface circuit 1020. The output devices 1024 can be implemented,
for example, by display devices (e.g., a liquid crystal display, a
cathode ray tube display (CRT), a printer and/or speakers). The
interface circuit 1020, thus, typically includes a graphics driver
card.
[0048] The interface circuit 1020 also includes a communication
device (e.g., communication device 56) such as a modem or network
interface card to facilitate exchange of data with external
computers via a network 1026 (e.g., an Ethernet connection, a
digital subscriber line (DSL), a telephone line, coaxial cable, a
cellular telephone system, etc.).
[0049] The computer 1000 also includes one or more mass storage
devices 1028 for storing software and data. Examples of such mass
storage devices 1028 include floppy disk drives, hard drive disks,
compact disk drives and digital versatile disk (DVD) drives. The
mass storage device 1028 may implement the local storage device
62.
[0050] From the foregoing, persons of ordinary skill in the art
will appreciate that the above disclosed methods and apparatus
employ the time to live field 26 found in IP headers 10 to define
the boundary between a home or local network and the Internet. By
setting the time to live field(s) 26 of IP headers associated with
localized content to a relatively low level, the disclosed
apparatus and methods permit transmission of localized data within
an IP based home network or within a localized area of an IP
network surrounding the source device, while impeding such
transmission beyond the home network or localized area. This
limitation on the transmission of localized content to a local area
of a networked environment is achieved independent of requiring
encryption of the localized content or authentication of the
transmitting and receiving devices. This control over transmission
of localized content is also achieved without violating the layered
protocol model and without tying content control messages to lower
layers of the protocol stack (e.g., Ethernet frame). The content
control technique of the illustrated examples is relatively
inexpensive and transparent to users. The disclosed control
technique also enables seamless IP transport across multiple
physical layer technologies (e.g., wired and wireless).
[0051] Persons of ordinary skill in the art will appreciate that
the disclosed methods and apparatus are not limited to controlling
distribution of proprietary content. Instead, they may be employed
to limit distribution of any data or instruction to a local area of
a networked environment. Thus, any data and/or instruction, whether
proprietary, secret, public, restricted and/or unrestricted may be
"localized content" whose distribution is limited by the apparatus
and methods disclosed herein.
[0052] Although certain example methods and apparatus have been
described herein, the scope of coverage of this patent is not
limited thereto. On the contrary, this patent covers all methods,
apparatus and articles of manufacture fairly falling within the
scope of the appended claims either literally or under the doctrine
of equivalents.
* * * * *